[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Exec-Shield vs. PaX

Scripsit Yven Johannes Leist <leist@xnap.org>

> Well, I for one would love to see a security announcement one day, which 
> contains something like: 
> "All users running the standard Debian kernel are not affected, since the 
> special security features the Debian kernel contains prevent the 
> exploit/attack in question." :)

Hm, what I've been able to glean from the discussions seems to imply
that any software that's vulnerable to a remote access exploit
*without* the kernel-level protection in question, would still at
least be vulneable to a DoS attack, killing the server (or whatever)
process instead of giving the attacker actual control. So we'd still
want to provide security updates to the same extent as without.

Henning Makholm               "Hele toget raslede imens Sjælland fór forbi."

Reply to: